New RFID Security Card Generates One-time Password for Secure Log-in

security-card-one-time-password-RFID-blogInfineon and Bundesdruckerei GmbH have worked together to develop a new RFID security card with an LED display and a one-time password. The card contains a security chip which generates a one-time password for each transaction and displays this on the integrated LED display.

The new contactless security card combines static and dynamic PIN. The future holder receives the card with a static password that can be made up of a sequence of numbers. Each time the card is used, a dynamic PIN supplement (one-time password) is requested. The dynamic PIN is automatically generated for each transaction by the security chip in the card and displayed on the integrated LED display.

The chip uses the energy radiated from the card reader to power the security chip and generate the password as well as to power the display elements. The LED display itself is embedded into the card so that the digits light up on the card surface.

Requesting the one-time password in addition to the static password adds security of authentication and payment applications and protects against attacks on e.g. company networks and against card manipulation. Even if the static PIN is stolen or read out by malware, it cannot be used by an unauthorized party when the dynamic PIN supplement is missing. The dynamic PIN, on the other hand, is only generated on the card and cannot be read from the card’s display by malware.

The card can be used for all log-in scenarios, such as logging in at a PC into a company network or into social networks on the net. The new technology is also suitable for many other card systems. It could be used, for instance, to boost security for card payments (EC cards or credit cards).